DLL注入到QT应用程序中

逆向工程 dll注入 qt
2021-07-07 06:35:05

我对这个东西很陌生,所以如果我问的任何东西有点愚蠢,请原谅。我正在尝试将 DLL 注入 QT 应用程序并调用一些 QT 函数。我使用 notepad.exe 或 explorer.exe 进行了注入,但我尝试过的所有其他内容(Spotify、一些 QT 应用程序、Skype 等)都不会显示我的消息框,尽管注入本身不会引发任何错误。

这是我的注射器程序的代码:

#include "stdafx.h"
#include "windows.h"
#include <iostream>

using namespace std;
char const path[] = "C:\\InjectedDll.dll";

void setDebugPrivilege()
{
    HANDLE hToken;
    TOKEN_PRIVILEGES privileges;
    privileges.PrivilegeCount = 1;
    privileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
    {
        std::cout << "Failed to open process." << std::endl;
    }
    if (!LookupPrivilegeValue(0, SE_DEBUG_NAME, &privileges.Privileges[0].Luid))
    {
        std::cout << "Failed to look up privileges." << std::endl;
    }
    if (!AdjustTokenPrivileges(hToken, false, &privileges, sizeof(privileges), 0, 0))
    {
        std::cout << "Failed to adjust token privileges." << std::endl;
    }
    CloseHandle(hToken);
}

int main(int argc, char* argv)
{
    setDebugPrivilege();

    HWND hWnd;
    hWnd = FindWindowA(0, "Spotify");
    if (!hWnd) {
        std::cout << "Could not find editor window." << std::endl;
    }

    DWORD pId;
    GetWindowThreadProcessId(hWnd, &pId);
    if (!pId) {
        std::cout << "Could not find process id." << std::endl;
    }

    HANDLE hProcess;
    hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, pId);
    if (!hProcess) {
        std::cout << "Failed to open process." << std::endl;
    }

    HANDLE allocatedAddress;
    allocatedAddress = VirtualAllocEx(hProcess, 0, sizeof(path), MEM_COMMIT, PAGE_EXECUTE_READWRITE);

    WriteProcessMemory(hProcess, (void*)allocatedAddress, (void*)path, sizeof(path), 0);

    HANDLE hRemoteThread;
    hRemoteThread = CreateRemoteThread(hProcess, 0, 0, (LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA"), allocatedAddress, 0, 0);
    if (!hRemoteThread) {
        std::cout << "Failed to create remote thread: " << GetLastError() << std::endl;
    }

    WaitForSingleObject(hRemoteThread, INFINITE);
    VirtualFreeEx(hProcess, allocatedAddress, sizeof(path), MEM_DECOMMIT);
    CloseHandle(hProcess);

    system("Pause");

    return 0;
}

这是我的基本 DLL.h:

#pragma once
#include "windows.h"

#ifdef INJECTEDDLL_EXPORTS
    #define INJECTED_DLL_API __declspec(dllexport)
#else
    #define INJECTED_DLL_API __declspec(dllimport)
#endif

INJECTED_DLL_API LRESULT CALLBACK newWndProc(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam);
INJECTED_DLL_API DWORD WINAPI creation();
INJECTED_DLL_API int WINAPI DllMain(HINSTANCE hInstance, DWORD reason, LPVOID reserved);

和 DLL.cpp:

#include "injected_dll.h"

DWORD WINAPI creation()
{
    MessageBoxW(HWND_DESKTOP, L"Failed to subclass window.", L"Noez!", MB_OK);
    return TRUE;
}

int WINAPI DllMain(HINSTANCE hInstance, DWORD reason, LPVOID reserved)
{
    if (reason == DLL_PROCESS_ATTACH)
    {
        CreateThread(0, 0, (LPTHREAD_START_ROUTINE)creation, 0, 0, 0);
    }
    return true;
}

那么谁能告诉我为什么这不起作用?我尝试了这两种方法,使用 MessageBoxA(..) 和 MessageBoxW(..) 和 MessageBox(..),它们都在 notepad.exe 上工作,但没有一个在其他程序上工作。

0个回答
没有发现任何回复~
其它你可能感兴趣的问题
上一篇作为个人,我可以从哪里获取恶意软件样本进行分析? 下一篇如何在 IDA Pro 中传播枚举类型?